Computer giving me random search results


  • This topic is locked

#16
inthewoods

  • Topic Starter
  • Member
  • 23 posts

No infected files found. However, OTL did not create the file Extras.txt.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

9/29/2010 7:46:42 AM
mbam-log-2010-09-29 (07-46-42).txt

Scan type: Quick scan
Objects scanned: 124522
Time elapsed: 9 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 9/29/2010 7:53:19 AM - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\FMS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 461.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.18 Gb Total Space | 50.54 Gb Free Space | 71.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 5.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.91 Gb Total Space | 1.77 Gb Free Space | 93.07% Space Free | Partition Type: FAT
Drive G: | 7.52 Gb Total Space | 7.48 Gb Free Space | 99.54% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STN1
Current User Name: FMS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\FMS\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iolo\System Shield\ioloSSTray.exe ()
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Active-Charge\Active-Charge.Exe (VeriFone, Inc.)
PRC - C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe (Qwest)
PRC - C:\Advanced Wheel Mouse\wh_exec.exe ()
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe ()
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe ()
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\EloDkMon.exe (Elo Touchsystems, Inc.)
PRC - C:\WINDOWS\system32\EloSrvce.exe (Elo Touchsystems, Inc.)
PRC - C:\WINDOWS\system32\EloTTray.exe (Elo Touchsystems, Inc.)
PRC - C:\Program Files\Verizon Wireless\VZAccess Manager\Drivers\Palm\PalmOneLiveConnect.exe (Palm, Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Verizon Wireless\VZAccess Manager\Drivers\Palm\TetherApp.exe (June Fabrics Technology, Inc.)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
PRC - C:\MSSQL7\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\MSSQL7\Binn\sqlmangr.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\FMS\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\WMVCore.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\sti.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\shgina.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\odbc32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netui1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netui0.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ntlanman.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netrap.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msgina.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\drprov.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\davclnt.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\xpsp2res.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\odbcint.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wmasf.dll (Microsoft Corporation)
MOD - C:\Program Files\Qwest\QuickCare\bin\sprthook.dll (SupportSoft, Inc.)
MOD - C:\Advanced Wheel Mouse\wh_hook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe File not found
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Authentium, Inc)
SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (EloSystemService) -- C:\WINDOWS\system32\EloSrvce.exe (Elo Touchsystems, Inc.)
SRV - (MSSQLServer) -- C:\MSSQL7\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLServerAgent) -- C:\MSSQL7\Binn\sqlagent.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (AMP) -- C:\WINDOWS\system32\drivers\amp.sys (Authentium, Inc)
DRV - (AMPSE) -- C:\WINDOWS\system32\drivers\ampse.sys (Authentium, Inc)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (whfltr2k) -- C:\WINDOWS\system32\drivers\whfltr2k.sys ()
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (EloUsb) -- C:\WINDOWS\system32\drivers\EloUsb.Sys (Elo Touchsystems, Inc.)
DRV - (elomoufiltr) -- C:\WINDOWS\system32\drivers\elofiltr.sys (Elo Touchsystems, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (palmmdm) -- C:\WINDOWS\system32\drivers\palmmdm.sys (June Fabrics Technology Inc.)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SMNDIS5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys (Smith Micro Software, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (MagEpNt) -- C:\WINDOWS\System32\drivers\magepnt.sys (MagTek)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.../www.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.chase.com/Chase.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/05/24 12:56:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/07/10 03:07:50 | 000,000,000 | ---D | M]

[2010/09/16 09:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FMS\Application Data\Mozilla\Extensions
[2010/09/16 09:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FMS\Application Data\Mozilla\Firefox\Profiles\59fke6ln.default\extensions
[2010/09/16 09:27:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [PalmTether] C:\Program Files\Verizon Wireless\VZAccess Manager\Drivers\Palm\TetherApp.exe (June Fabrics Technology, Inc.)
O4 - HKLM..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe (Qwest)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WheelMouse] C:\Advanced Wheel Mouse\wh_exec.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\FMS\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\FMS\Start Menu\Programs\Startup\Palm Registration.lnk = C:\Program Files\Palm\register.exe (Palm/Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} https://ra.qwest.com...ad/tgctlins.cab (SupportSoft Installer)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1184337109265 (WUWebControl Class)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\FMS\Local Settings\Temporary Internet Files\Content.IE5\EO3YVIRI\Country Cleaners Logo.jpg
O24 - Desktop BackupWallPaper: C:\Documents and Settings\FMS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/11 14:03:59 | 000,000,277 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/29 07:30:33 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\FMS\Desktop\TFC.exe
[2010/09/28 13:26:24 | 001,293,400 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\FMS\Desktop\TDSSKiller.exe
[2010/09/28 11:33:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/22 06:24:25 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\FMS\Desktop\OTL.exe
[2010/09/22 06:17:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\unknown
[2010/09/22 06:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Local Settings\Application Data\WinZip
[2010/09/21 06:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Application Data\Malwarebytes
[2010/09/21 06:19:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/21 06:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/21 06:19:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/20 07:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/20 06:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/20 06:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/20 06:50:49 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2010/09/20 06:49:34 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\lacey.exe
[2010/09/20 06:48:33 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\erunt-setup.exe
[2010/09/20 06:47:26 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\TFC.exe
[2010/09/18 07:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/18 06:43:28 | 001,913,056 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\FMS\Desktop\HousecallLauncher.exe
[2010/09/17 13:00:30 | 000,000,000 | ---D | C] -- C:\iolo
[2010/09/17 12:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2010/09/17 12:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Authentium
[2010/09/17 12:14:46 | 000,118,784 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\iavlsp.dll
[2010/09/17 12:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2010/09/17 12:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Application Data\iolo
[2010/09/17 12:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/09/17 06:52:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/09/17 06:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/09/17 06:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/09/17 06:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/09/17 06:34:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/09/17 06:27:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/09/16 16:56:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/09/16 16:51:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/09/16 16:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft(2)
[2010/09/16 16:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\FinalMediaPlayer
[2010/09/16 14:29:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\FMS\IECompatCache
[2010/09/16 10:17:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\FMS\PrivacIE
[2010/09/16 10:16:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\FMS\IETldCache
[2010/09/16 10:11:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/09/16 09:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Local Settings\Application Data\Mozilla
[2010/09/16 09:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Application Data\Mozilla
[2010/09/16 09:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/09/15 07:20:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\FMS\Application Data\Brother
[2010/09/15 07:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Local Settings\Application Data\Scansoft
[2010/09/15 07:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\My Documents\My PaperPort Documents
[2010/09/15 06:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BrFaxRx
[2010/09/15 06:54:24 | 000,054,784 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\brinsstr.dll
[2010/09/15 06:54:11 | 000,063,488 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrNetSti.dll
[2010/09/15 06:54:11 | 000,058,368 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\BrWiaNCp.dll
[2010/09/15 06:54:11 | 000,041,472 | ---- | C] (Brother Industries,Ltd) -- C:\WINDOWS\System32\Brnsplg.dll
[2010/09/15 06:54:09 | 001,397,248 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrWia07b.dll
[2010/09/15 06:54:09 | 000,094,208 | ---- | C] (Brother Industries Ltd) -- C:\WINDOWS\System32\BRRBTOOL.EXE
[2010/09/15 06:54:09 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BRLMW03A.DLL
[2010/09/15 06:54:09 | 000,024,223 | ---- | C] (brother Industries Ltd) -- C:\WINDOWS\System32\BRLM03A.DLL
[2010/09/15 06:54:08 | 000,000,000 | ---D | C] -- C:\Brother
[2010/09/15 06:54:06 | 000,167,936 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
[2010/09/15 06:54:05 | 000,131,072 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\brunin03.dll
[2010/09/15 06:54:05 | 000,102,400 | ---- | C] (Brother Industries,LTD.) -- C:\WINDOWS\System32\BrMfNt.dll
[2010/09/15 06:54:05 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\WINDOWS\System32\BRCrypt.dll
[2010/09/15 06:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2010/09/15 06:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2010/09/15 06:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2010/09/15 06:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2010/07/10 03:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/07/09 12:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Application Data\FinalMediaPlayer
[2010/07/02 06:18:06 | 000,000,000 | ---D | C] -- C:\Advanced Wheel Mouse

========== Files - Modified Within 90 Days ==========

[2010/09/29 07:36:19 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\iolo.ini
[2010/09/29 07:35:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/29 07:34:55 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/29 07:34:51 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/09/29 07:34:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/29 07:34:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/29 07:34:21 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/29 07:33:45 | 003,772,416 | ---- | M] () -- C:\Documents and Settings\FMS\ntuser.dat
[2010/09/29 07:33:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\FMS\ntuser.ini
[2010/09/29 07:29:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FMS\Desktop\TFC.exe
[2010/09/29 07:03:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/29 06:48:52 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\dds.scr
[2010/09/29 06:14:10 | 000,031,568 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\rootkitunhookerreport
[2010/09/29 06:11:36 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\MBRCheck.exe
[2010/09/28 12:09:16 | 000,001,947 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/28 11:52:25 | 000,032,072 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\rootkitunhookerlog
[2010/09/28 11:31:08 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\RKUnhookerLE.EXE
[2010/09/27 06:02:45 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\Notepad.lnk
[2010/09/22 06:39:15 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\HiJackThis.lnk
[2010/09/22 06:22:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FMS\Desktop\OTL.exe
[2010/09/21 15:43:32 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\tdsskiller.zip
[2010/09/21 06:19:52 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LAcey.lnk
[2010/09/20 07:00:08 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\TFC.exe
[2010/09/20 06:59:42 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\FMS\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/20 06:59:37 | 000,000,643 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\NTREGOPT.lnk
[2010/09/20 06:59:37 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\ERUNT.lnk
[2010/09/20 06:59:16 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\erunt-setup.exe
[2010/09/20 06:58:31 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\lacey.exe
[2010/09/20 06:58:23 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010/09/18 07:04:26 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\FMS\Start Menu\Programs\Startup\Palm Registration.lnk
[2010/09/18 06:45:00 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\FMS\Local Settings\Application Data\housecall.guid.cache
[2010/09/18 06:43:44 | 001,913,056 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\FMS\Desktop\HousecallLauncher.exe
[2010/09/18 06:13:01 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\System Shield.lnk
[2010/09/18 03:20:16 | 000,251,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/18 03:04:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/17 12:54:58 | 000,459,696 | ---- | M] () -- C:\ss_dm.exe
[2010/09/17 12:09:27 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2010/09/17 10:03:04 | 000,066,216 | ---- | M] () -- C:\Documents and Settings\FMS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/17 06:54:41 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/17 06:54:41 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/17 06:54:41 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/17 06:53:31 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/09/17 06:49:09 | 002,105,070 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/09/17 06:30:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/16 14:14:29 | 000,000,009 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini
[2010/09/16 10:16:21 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\FMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/16 09:27:43 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\FMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/16 09:27:43 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/15 10:43:43 | 000,006,906 | ---- | M] () -- C:\Documents and Settings\FMS\Application Data\wklnhst.dat
[2010/09/15 06:55:25 | 000,000,410 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/15 06:55:02 | 000,000,225 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2010/09/15 06:55:02 | 000,000,093 | ---- | M] () -- C:\WINDOWS\brpcfx.ini
[2010/09/07 14:44:52 | 001,293,400 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\FMS\Desktop\TDSSKiller.exe
[2010/08/27 07:35:47 | 000,919,384 | ---- | M] () -- C:\Documents and Settings\FMS\My Documents\CountryCleanersMMDSept10.pdf
[2010/07/30 07:20:36 | 000,912,333 | ---- | M] () -- C:\Documents and Settings\FMS\My Documents\CountryCleanersMMDAug10 1.pdf
[2010/07/14 06:26:24 | 000,000,482 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/09 12:52:17 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\FMS\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
[2010/07/09 12:52:17 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\FinalMediaPlayer.lnk

========== Files Created - No Company Name ==========

[2010/09/29 06:50:00 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\dds.scr
[2010/09/29 06:14:43 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\MBRCheck.exe
[2010/09/29 06:14:10 | 000,031,568 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\rootkitunhookerreport
[2010/09/28 13:30:35 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2010/09/28 13:26:06 | 001,193,882 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\tdsskiller.zip
[2010/09/28 12:09:16 | 000,001,947 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/28 11:52:21 | 000,032,072 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\rootkitunhookerlog
[2010/09/28 11:47:55 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\RKUnhookerLE.EXE
[2010/09/25 05:58:11 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\gmer.exe
[2010/09/21 06:19:52 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LAcey.lnk
[2010/09/20 06:59:42 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\FMS\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/20 06:59:37 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\NTREGOPT.lnk
[2010/09/20 06:59:37 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\ERUNT.lnk
[2010/09/18 07:43:39 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\HiJackThis.lnk
[2010/09/18 06:45:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\FMS\Local Settings\Application Data\housecall.guid.cache
[2010/09/17 12:54:37 | 000,459,696 | ---- | C] () -- C:\ss_dm.exe
[2010/09/17 12:14:56 | 000,001,721 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\System Shield.lnk
[2010/09/17 12:09:27 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/09/16 09:27:43 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\FMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/16 09:27:43 | 000,001,634 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/15 06:55:25 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/15 06:55:02 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/09/15 06:55:02 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/09/15 06:54:53 | 003,772,416 | ---- | C] () -- C:\Documents and Settings\FMS\ntuser.dat
[2010/09/15 06:54:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2010/09/15 06:54:09 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2010/09/15 06:54:07 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/09/15 06:54:05 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/08/27 07:35:47 | 000,919,384 | ---- | C] () -- C:\Documents and Settings\FMS\My Documents\CountryCleanersMMDSept10.pdf
[2010/07/30 07:20:36 | 000,912,333 | ---- | C] () -- C:\Documents and Settings\FMS\My Documents\CountryCleanersMMDAug10 1.pdf
[2010/07/14 06:46:12 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\Outlook Express.lnk
[2010/07/09 12:52:17 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\FMS\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
[2010/07/09 12:52:17 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\FinalMediaPlayer.lnk
[2009/07/27 06:28:10 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\FMS\Application Data\dvd.bmk
[2007/07/16 10:21:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TECK.dll
[2007/07/16 10:21:39 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/07/16 10:21:39 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/07/12 13:02:43 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\tls704d.dll
[2007/07/12 13:02:43 | 000,409,600 | ---- | C] () -- C:\WINDOWS\System32\NOVA_API.dll
[2007/07/12 13:02:43 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\cmeparse.dll
[2007/07/12 13:02:43 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\ipinplus32.dll
[2007/07/12 12:51:57 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2007/03/29 11:04:52 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\FMS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/26 19:29:41 | 000,006,906 | ---- | C] () -- C:\Documents and Settings\FMS\Application Data\wklnhst.dat
[2007/01/25 09:45:02 | 000,006,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\whfltr2k.sys
[2006/12/16 08:43:53 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\FMS\Local Settings\Application Data\fusioncache.dat
[2006/12/05 14:05:40 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/05 14:05:40 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A777487C0E.sys
[2006/11/29 11:27:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/18 23:19:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/18 23:15:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/18 23:11:02 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/18 22:42:52 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 16:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[1999/06/05 15:47:06 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MSPOS_USB.dll

========== LOP Check ==========

[2007/02/15 14:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/09/17 12:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/09/16 16:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft(2)
[2007/12/06 01:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/10/18 23:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/20 09:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/10 12:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FMS\Application Data\FinalMediaPlayer
[2007/02/15 14:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FMS\Application Data\HotSync
[2010/09/18 07:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FMS\Application Data\iolo
[2007/02/15 14:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FMS\Application Data\Leadertech
[2007/02/15 14:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FMS\Application Data\Smith Micro
[2007/02/26 19:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FMS\Application Data\Template
[2006/11/29 11:20:38 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/02/12 14:56:23 | 000,001,654 | ---- | M] () -- C:\additdiag.txt
[2004/08/11 16:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/11/29 11:20:39 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/08/11 16:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/10/18 22:47:08 | 000,005,856 | RH-- | M] () -- C:\dell.sdr
[2010/09/20 06:59:16 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\erunt-setup.exe
[2010/09/29 07:34:21 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2006/11/29 11:44:15 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 16:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2006/10/18 23:05:55 | 000,000,828 | -H-- | M] () -- C:\IPH.PH
[2010/02/18 08:40:44 | 000,919,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\JavaSetup6u18-rv.exe
[2010/09/20 06:58:31 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\lacey.exe
[2004/08/11 16:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/09/17 06:30:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/20 06:58:23 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010/09/29 07:34:20 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/09/17 12:54:58 | 000,459,696 | ---- | M] () -- C:\ss_dm.exe
[2006/10/18 23:06:01 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2010/09/28 13:28:58 | 000,048,672 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_28.09.2010_13.26.30_log.txt
[2010/09/20 07:00:08 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\TFC.exe
[2009/10/20 09:18:53 | 014,308,680 | ---- | M] () -- C:\winzip140.exe

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/11 16:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/11 16:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 16:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 16:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/09/17 06:35:17 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/11/29 11:22:24 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\FMS\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/11 16:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\FMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\gmer.exe
[2010/09/18 06:43:44 | 001,913,056 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\FMS\Desktop\HousecallLauncher.exe
[2010/09/29 06:11:36 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\MBRCheck.exe
[2010/09/22 06:22:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FMS\Desktop\OTL.exe
[2010/09/28 11:31:08 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\RKUnhookerLE.EXE
[2010/09/07 14:44:52 | 001,293,400 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\FMS\Desktop\TDSSKiller.exe
[2010/09/29 07:29:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FMS\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 04:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/11/29 11:22:23 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\FMS\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/15 06:23:24 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\FMS\Cookies\desktop.ini
[2010/09/29 07:35:58 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\FMS\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/09/15 11:27:54 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >
[2008/04/13 18:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/09/29 07:33:45 | 003,772,416 | ---- | M] () -- C:\Documents and Settings\FMS\ntuser.dat

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
[2003/08/06 02:32:32 | 000,151,552 | ---- | M] (SHARP Corporation) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\SC1BSTMN.EXE

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >
[2006/10/18 23:05:40 | 000,043,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\Annabelle.rpv
[2006/10/18 23:05:40 | 000,080,384 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\CosmicBelt.rpv
[2006/10/18 23:05:40 | 000,007,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\Fire.rpv
[2006/10/18 23:05:40 | 000,007,680 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\FreqBands.rpv
[2006/10/18 23:05:40 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\Nebula.rpv

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-29 09:02:02
< End of report >

#17
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Kaspersky WebScanner
Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

Upgrading Java
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u21-windows-i586-p.exe and select "Run as an Administrator.")
Running Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Diallers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


#18
inthewoods

    Member

  • Topic Starter
  • 23 posts
I am having many troubles with Java. I have two add/remove programs with Java descriptions, neither of which I can remove successfully. The new Java version will not load. I have the following:

J2SE Runtime Environment 5.0 Update 6

I get the options to CHANGE or REMOVE. When I try to REMOVE this I get the following: "You already have this version of the JRE installed. Please uninstall the product through your add/remove programs utility before reinstalling."

Which is exactly what I'm trying to do. If I push Change I get the same dialog box, but when I hit cancel it takes me to the Java screen and says installation completed, click finish to complete installation. When I push finish I get "Fatal error during installation."


Java™ 6 update 18

I get the option to REMOVE this program. When I push remove it tells me "The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package 'jre1.6.0_18-c.msi' in the box below." I have tried searching for this file name and can not find it anywhere.

If I attempt to install JAVA without removing the current programs I get the same message above and it kicks me out of installation.

I have no idea on how to remove these programs. I am very lost. Do you have any suggestions?

#19
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Try this:

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


#20
inthewoods

    Member

  • Topic Starter
  • 23 posts
That worked great at removing J2SE Runtime Environment 5.0 Update 6. I rebooted afterward.

However I still have the other problem.

Java™ 6 update 18

I get the option to REMOVE this program. When I push remove it tells me "The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package 'jre1.6.0_18-c.msi' in the box below." I have tried searching for this file name and can not find it anywhere.

If I attempt to install your version of JAVA without removing the current program I get the same message above and it kicks me out of installation.

#21
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Run OTL again, setting
  • Processes - None
  • Modules - None
  • Services - None
  • Drivers - None
  • Standard Registry - None
  • Extra Registry - None
  • Files Created Within - None
  • Files Modified Within - None
  • Under the Custom Scan box paste this in:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Then click Run Scan and paste the log in your next response
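The Uninstall key named in post #21 can also be read directly. The following is an added example, not part of the thread and not OTL's own code: it lists the Java entries under that key and reports whether the folder each one was installed from still exists, which is the kind of missing source the "network resource that is unavailable" prompt in posts #18 and #20 points to. It assumes Windows PowerShell 2.0 or later is installed (it is not present on Windows XP by default); `Get-JavaUninstallEntry` is a hypothetical helper name.

```powershell
# Added example (not from the thread): read-only listing of Java entries under
# the Uninstall key. Assumes Windows PowerShell 2.0 or later is installed.
$UninstallRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'

# Get-JavaUninstallEntry is a hypothetical helper name used only in this example.
function Get-JavaUninstallEntry {
    param([string]$Root = $UninstallRoot)

    foreach ($key in Get-ChildItem -Path $Root) {
        # Each subkey is one Add/Remove Programs entry; read its values.
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props) { continue }

        # Keep only entries whose display name mentions Java or J2SE
        # (entries without a DisplayName are skipped as well).
        if ($props.DisplayName -notmatch 'Java|J2SE') { continue }

        # InstallSource records the folder the product was installed from.
        # If that folder is gone, Windows Installer may prompt for the .msi.
        $source = $props.InstallSource
        $sourceFound = $false
        if ($source) { $sourceFound = Test-Path -LiteralPath $source }

        New-Object PSObject -Property @{
            KeyName         = $key.PSChildName
            DisplayName     = $props.DisplayName
            DisplayVersion  = $props.DisplayVersion
            UninstallString = $props.UninstallString
            IsMsiProduct    = [bool]($props.WindowsInstaller -eq 1)
            InstallSource   = $source
            SourceFound     = $sourceFound
        }
    }
}

# Nothing is modified; the output is a report only.
Get-JavaUninstallEntry |
    Select-Object KeyName, DisplayName, DisplayVersion, IsMsiProduct,
                  UninstallString, InstallSource, SourceFound |
    Format-List
```

An entry with `IsMsiProduct` true and `SourceFound` false is one whose removal depends on an installer package that is no longer at its recorded location.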

#22
inthewoods

inthewoods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
OTL logfile created on: 9/30/2010 9:47:30 AM - Run 4
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\FMS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 343.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.18 Gb Total Space | 51.30 Gb Free Space | 72.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 5.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.91 Gb Total Space | 1.77 Gb Free Space | 93.07% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STN1
Current User Name: FMS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Files/Folders - Created Within 30 Days ==========

[2010/09/30 08:17:04 | 000,378,880 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\FMS\Desktop\JavaRa.exe
[2010/09/30 06:16:57 | 016,062,240 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\FMS\Desktop\jre-6u21-windows-i586.exe
[2010/09/29 07:30:33 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\FMS\Desktop\TFC.exe
[2010/09/28 13:26:24 | 001,293,400 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\FMS\Desktop\TDSSKiller.exe
[2010/09/28 11:33:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/22 06:24:25 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\FMS\Desktop\OTL.exe
[2010/09/22 06:17:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\unknown
[2010/09/22 06:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Local Settings\Application Data\WinZip
[2010/09/21 06:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Application Data\Malwarebytes
[2010/09/21 06:19:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/21 06:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/21 06:19:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/20 07:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/20 06:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/20 06:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/20 06:50:49 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2010/09/20 06:49:34 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\lacey.exe
[2010/09/20 06:48:33 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\erunt-setup.exe
[2010/09/20 06:47:26 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\TFC.exe
[2010/09/18 07:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/18 06:43:28 | 001,913,056 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\FMS\Desktop\HousecallLauncher.exe
[2010/09/17 13:00:30 | 000,000,000 | ---D | C] -- C:\iolo
[2010/09/17 12:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2010/09/17 12:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Authentium
[2010/09/17 12:14:46 | 000,118,784 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\iavlsp.dll
[2010/09/17 12:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2010/09/17 12:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Application Data\iolo
[2010/09/17 12:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/09/17 06:52:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/09/17 06:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/09/17 06:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/09/17 06:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/09/17 06:34:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/09/17 06:27:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/09/16 16:56:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/09/16 16:51:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/09/16 16:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft(2)
[2010/09/16 16:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\FinalMediaPlayer
[2010/09/16 14:29:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\FMS\IECompatCache
[2010/09/16 10:17:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\FMS\PrivacIE
[2010/09/16 10:16:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\FMS\IETldCache
[2010/09/16 10:11:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/09/16 09:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Local Settings\Application Data\Mozilla
[2010/09/16 09:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Application Data\Mozilla
[2010/09/16 09:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/09/15 07:20:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\FMS\Application Data\Brother
[2010/09/15 07:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Local Settings\Application Data\Scansoft
[2010/09/15 07:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\My Documents\My PaperPort Documents
[2010/09/15 06:55:13 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2010/09/15 06:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BrFaxRx
[2010/09/15 06:54:24 | 000,054,784 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\brinsstr.dll
[2010/09/15 06:54:11 | 000,063,488 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrNetSti.dll
[2010/09/15 06:54:11 | 000,058,368 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\BrWiaNCp.dll
[2010/09/15 06:54:11 | 000,041,472 | ---- | C] (Brother Industries,Ltd) -- C:\WINDOWS\System32\Brnsplg.dll
[2010/09/15 06:54:09 | 001,397,248 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrWia07b.dll
[2010/09/15 06:54:09 | 000,094,208 | ---- | C] (Brother Industries Ltd) -- C:\WINDOWS\System32\BRRBTOOL.EXE
[2010/09/15 06:54:09 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BRLMW03A.DLL
[2010/09/15 06:54:09 | 000,024,223 | ---- | C] (brother Industries Ltd) -- C:\WINDOWS\System32\BRLM03A.DLL
[2010/09/15 06:54:08 | 000,000,000 | ---D | C] -- C:\Brother
[2010/09/15 06:54:06 | 000,167,936 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
[2010/09/15 06:54:05 | 000,131,072 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\brunin03.dll
[2010/09/15 06:54:05 | 000,102,400 | ---- | C] (Brother Industries,LTD.) -- C:\WINDOWS\System32\BrMfNt.dll
[2010/09/15 06:54:05 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\WINDOWS\System32\BRCrypt.dll
[2010/09/15 06:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2010/09/15 06:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2010/09/15 06:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2010/09/15 06:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother

========== Files - Modified Within 30 Days ==========

[2010/09/30 09:03:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/09/30 09:03:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/30 08:27:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/30 08:27:34 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\iolo.ini
[2010/09/30 08:26:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/30 08:26:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/30 08:26:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/30 08:26:50 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/30 08:26:02 | 003,772,416 | ---- | M] () -- C:\Documents and Settings\FMS\ntuser.dat
[2010/09/30 08:26:02 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\FMS\ntuser.ini
[2010/09/30 08:22:14 | 016,062,240 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\FMS\Desktop\jre-6u21-windows-i586.exe
[2010/09/30 08:17:04 | 000,156,329 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\JavaRa.zip
[2010/09/29 07:29:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FMS\Desktop\TFC.exe
[2010/09/29 06:48:52 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\dds.scr
[2010/09/29 06:14:10 | 000,031,568 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\rootkitunhookerreport
[2010/09/29 06:11:36 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\MBRCheck.exe
[2010/09/29 03:00:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/28 12:09:16 | 000,001,947 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/28 11:52:25 | 000,032,072 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\rootkitunhookerlog
[2010/09/28 11:31:08 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\RKUnhookerLE.EXE
[2010/09/27 06:02:45 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\Notepad.lnk
[2010/09/22 06:39:15 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\HiJackThis.lnk
[2010/09/22 06:22:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FMS\Desktop\OTL.exe
[2010/09/21 15:43:32 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\tdsskiller.zip
[2010/09/21 06:19:52 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LAcey.lnk
[2010/09/20 07:00:08 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\TFC.exe
[2010/09/20 06:59:42 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\FMS\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/20 06:59:37 | 000,000,643 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\NTREGOPT.lnk
[2010/09/20 06:59:37 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\ERUNT.lnk
[2010/09/20 06:59:16 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\erunt-setup.exe
[2010/09/20 06:58:31 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\lacey.exe
[2010/09/20 06:58:23 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010/09/18 07:04:26 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\FMS\Start Menu\Programs\Startup\Palm Registration.lnk
[2010/09/18 06:45:00 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\FMS\Local Settings\Application Data\housecall.guid.cache
[2010/09/18 06:43:44 | 001,913,056 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\FMS\Desktop\HousecallLauncher.exe
[2010/09/18 06:13:01 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\System Shield.lnk
[2010/09/18 03:20:16 | 000,251,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/17 12:54:58 | 000,459,696 | ---- | M] () -- C:\ss_dm.exe
[2010/09/17 12:09:27 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2010/09/17 10:03:04 | 000,066,216 | ---- | M] () -- C:\Documents and Settings\FMS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/17 06:54:41 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/17 06:54:41 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/17 06:54:41 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/17 06:53:31 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/09/17 06:49:09 | 002,105,070 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/09/17 06:30:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/16 14:14:29 | 000,000,009 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini
[2010/09/16 10:16:21 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\FMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/16 09:27:43 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\FMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/16 09:27:43 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/15 10:43:43 | 000,006,906 | ---- | M] () -- C:\Documents and Settings\FMS\Application Data\wklnhst.dat
[2010/09/15 06:55:25 | 000,000,410 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/15 06:55:02 | 000,000,225 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2010/09/15 06:55:02 | 000,000,093 | ---- | M] () -- C:\WINDOWS\brpcfx.ini
[2010/09/07 14:44:52 | 001,293,400 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\FMS\Desktop\TDSSKiller.exe

========== Files Created - No Company Name ==========

[2010/09/30 08:27:34 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2010/09/30 08:17:04 | 000,322,351 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\JavaRa.def
[2010/09/30 08:17:04 | 000,003,127 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\Nederlands.lng
[2010/09/30 08:17:04 | 000,003,027 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\Français.lng
[2010/09/30 08:17:04 | 000,002,946 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\Español.lng
[2010/09/30 08:17:04 | 000,002,920 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\Italiano.lng
[2010/09/30 08:17:04 | 000,002,758 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\Deutsch.lng
[2010/09/30 08:17:04 | 000,002,553 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\Suomi.lng
[2010/09/30 08:16:51 | 000,156,329 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\JavaRa.zip
[2010/09/29 06:50:00 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\dds.scr
[2010/09/29 06:14:43 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\MBRCheck.exe
[2010/09/29 06:14:10 | 000,031,568 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\rootkitunhookerreport
[2010/09/28 13:26:06 | 001,193,882 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\tdsskiller.zip
[2010/09/28 12:09:16 | 000,001,947 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/28 11:52:21 | 000,032,072 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\rootkitunhookerlog
[2010/09/28 11:47:55 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\RKUnhookerLE.EXE
[2010/09/25 05:58:11 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\gmer.exe
[2010/09/21 06:19:52 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LAcey.lnk
[2010/09/20 06:59:42 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\FMS\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/20 06:59:37 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\NTREGOPT.lnk
[2010/09/20 06:59:37 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\ERUNT.lnk
[2010/09/18 07:43:39 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\HiJackThis.lnk
[2010/09/18 06:45:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\FMS\Local Settings\Application Data\housecall.guid.cache
[2010/09/17 12:54:37 | 000,459,696 | ---- | C] () -- C:\ss_dm.exe
[2010/09/17 12:14:56 | 000,001,721 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\System Shield.lnk
[2010/09/17 12:09:27 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/09/16 09:27:43 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\FMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/16 09:27:43 | 000,001,634 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/15 06:55:25 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/15 06:55:02 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/09/15 06:55:02 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/09/15 06:54:53 | 003,772,416 | ---- | C] () -- C:\Documents and Settings\FMS\ntuser.dat
[2010/09/15 06:54:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2010/09/15 06:54:09 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2010/09/15 06:54:07 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/09/15 06:54:05 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/07/27 06:28:10 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\FMS\Application Data\dvd.bmk
[2007/07/16 10:21:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TECK.dll
[2007/07/16 10:21:39 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/07/16 10:21:39 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/07/12 13:02:43 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\tls704d.dll
[2007/07/12 13:02:43 | 000,409,600 | ---- | C] () -- C:\WINDOWS\System32\NOVA_API.dll
[2007/07/12 13:02:43 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\cmeparse.dll
[2007/07/12 13:02:43 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\ipinplus32.dll
[2007/07/12 12:51:57 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2007/03/29 11:04:52 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\FMS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/26 19:29:41 | 000,006,906 | ---- | C] () -- C:\Documents and Settings\FMS\Application Data\wklnhst.dat
[2007/01/25 09:45:02 | 000,006,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\whfltr2k.sys
[2006/12/16 08:43:53 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\FMS\Local Settings\Application Data\fusioncache.dat
[2006/12/05 14:05:40 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/05 14:05:40 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A777487C0E.sys
[2006/11/29 11:27:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/18 23:19:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/18 23:15:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/18 23:11:02 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/18 22:42:52 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 16:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[1999/06/05 15:47:06 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MSPOS_USB.dll

========== Custom Scans ==========


< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall >
"AOL Connectivity Services" =
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop Elements 8.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AudioPlugin.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CopyNow.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DataPlugin.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell Digital Jukebox Driver]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dlatray.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EloTouchscreen]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FinalMediaPlayer_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeZip]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\getPlus®_ocx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Desktop]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Updater]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2079403]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2115168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2121546]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2141007]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2158563]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2160329]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2229593]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2259922]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2286198]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2347290]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB835221WXP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892130]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911564]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917734_WMP10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923561]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923689]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923723]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB925398_WMP64]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929969]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB931906]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB933566-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB936782_WMP10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB937143-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938127-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB939653-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941569]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB942615-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB944533-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB947864-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950759-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950762]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950974]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951066]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951072-v2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951698]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951748]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951978]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952004]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952069_WM9]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952287]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952954]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB953838-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB953839]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954155_WM9]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954211]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955069]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955759]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955839]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956390-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956391]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956572]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956802]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956803]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956841]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956844]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957095]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957097]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958215-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958644]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958687]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958690]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958869]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959426]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960225]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960714-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960715]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960803]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960859]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961260-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961371]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961373]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961501]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB963027-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB967715]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968389]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968537]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968816_WM9]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969059]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969897-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969898]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969947]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970238]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970430]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970653-v3]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971468]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971486]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971557]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971633]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971657]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971737]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961-IE8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972260-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972270]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973346]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973354]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973507]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973525]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973540_WM9L]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973687]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973815]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973869]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974318]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974455-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974571]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975025]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975467]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975558_WM8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975561]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975562]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975713]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976098-v2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976325-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976749-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977165]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977914]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978037]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978207-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978251]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978262]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978338]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978542]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978601]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978695_WM9]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978706]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979306]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979309]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979482]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979559]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979683]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980182-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980195]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980218]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980436]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981322]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981332-IE8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981349]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981793]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981852]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981997]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982214]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982381-IE7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982665]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982802]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M979906]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Interactive Training]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSDE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMos Technology]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PROSet]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickTime]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QwestQuickCare_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 6.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssist]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StreetPlugin]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WGA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WheelMouse]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06E6E30D-B498-442F-A943-07DE41D7F785}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{075473F5-846A-448B-BCB3-104AA1760205}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{08234a0d-cf39-4dca-99f0-0c5cb496da81}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{178BAABD-0C95-4EB6-9E12-29A039EA27F6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216018FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33BB4982-DC52-4886-A03B-F4C5C80BEE89}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3846E811-639D-4DE1-844B-30491C0A6C0C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{395A57A6-E0E1-C599-3A28-19A96682B4C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{403EF592-953B-4794-BCEF-ECAB835C2095}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4286E640-B5FB-11DF-AC4B-005056C00008}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{45A66726-69BC-466B-A7A4-12FCBA4883D7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4998FF95-709A-430A-B104-92A009ABB848}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6D52C408-B09A-4520-9B18-475B81D393F1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{74F7662C-B1DB-489E-A8AC-07A06B24978B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8377F24B-D4A7-4707-A468-DDF15A71056C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{85D3CC30-8859-481A-9654-FD9B74310BEF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86FA6A42-5CD7-4EA0-BD92-8829C1162A77}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{87D946F1-3B51-401B-9AF1-BDB5CD84261A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{882362E0-C71A-411B-B16F-46D1B66E1890}_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9692FD03-6662-4E62-B08C-30DFF51651E1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2BCA9F1-566C-4805-97D1-7FDC93386723}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A81300000003}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B12665F4-4E93-4AB4-B7FC-37053B524629}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B702CCCE-3176-4DBF-B932-D1B8F402F330}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C04E32E0-0416-434D-AFB9-6969D703A9EF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D167DA32-32AB-45FC-AEC1-7380BE2221A2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D2988E9B-C73F-422C-AD4B-A66EBE257120}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D2DEA1ED-F9D0-401D-9714-6FA8E89EF9D7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DCC7622D-A366-43ED-A749-D52F829F3F68}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DEF6C105-1B24-4D34-8840-97A935F00DDE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}]

< >

< >
< End of report >

#23
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Before we proceed we need to back up your Registry. Do not ignore this step, as making changes to your computer's registry can be a dangerous procedure. A backup will allow us to recover information if necessary.

If a restore of the registry is required in case of emergency, just click on the exported regfile on your desktop, and answer YES to the question whether you want to merge this file with the registry. Wait until you get a message saying something like Merge Successful. The utility we're going to use, ERUNT, will make a complete backup of your registry including the Security hive and user related sections.

  • Download and install ERUNT (Emergency Recovery Utility NT) from here or here
  • Click on ERUNT and follow the prompts to back up your registry to a location of your choosing.

++++++++++ oOo +++++++++


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe File not found
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216018FF}]
    
    :Files
    C:\JavaSetup6u18-rv.exe
    C:\Program Files\InstallShield Installation Information\{26A24AE4-039D-4CA4-87B4-2F83216018FF}
    
    :Commands
    [purity]
    [emptytemp]
    
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

++++++++++ oOo +++++++++



Try JavaRa again after the system has rebooted

#24
inthewoods

    Member

  • Topic Starter
  • 23 posts
It will still not let me remove the program. The REMOVE button is now missing from the Add/Remove Programs feature, but the application is still there.

All processes killed
========== OTL ==========
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
File C:\Program Files\Java\jre6\bin\jqs.exe File not found not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216018FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26A24AE4-039D-4CA4-87B4-2F83216018FF}\ not found.
========== FILES ==========
C:\JavaSetup6u18-rv.exe moved successfully.
File\Folder C:\Program Files\InstallShield Installation Information\{26A24AE4-039D-4CA4-87B4-2F83216018FF} not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: FMS
->Temp folder emptied: 331808 bytes
->Temporary Internet Files folder emptied: 13899880 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 564 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 10766400 bytes

Total Files Cleaned = 24.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 09302010_111728

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\FMS\Local Settings\Temp\~DF5922.tmp not found!
File\Folder C:\Documents and Settings\FMS\Local Settings\Temp\~DF592D.tmp not found!
File\Folder C:\Documents and Settings\FMS\Local Settings\Temp\~DF5999.tmp not found!
File\Folder C:\Documents and Settings\FMS\Local Settings\Temp\~DF59A4.tmp not found!
File\Folder C:\Documents and Settings\FMS\Local Settings\Temp\~DF5AA4.tmp not found!
File\Folder C:\Documents and Settings\FMS\Local Settings\Temp\~DF5AB0.tmp not found!
C:\Documents and Settings\FMS\Local Settings\Temporary Internet Files\Content.IE5\864M1V2I\page__st__15__gopid__1907788[1].txt moved successfully.
C:\Documents and Settings\FMS\Local Settings\Temporary Internet Files\Content.IE5\864M1V2I\xd_proxy[2].htm moved successfully.
C:\Documents and Settings\FMS\Local Settings\Temporary Internet Files\Content.IE5\864M1V2I\yahoo_com[1].htm moved successfully.
C:\Documents and Settings\FMS\Local Settings\Temporary Internet Files\Content.IE5\5ECW1B0F\google_com[1].htm moved successfully.
C:\Documents and Settings\FMS\Local Settings\Temporary Internet Files\Content.IE5\5ECW1B0F\like[1].htm moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 9/30/2010 11:20:48 AM - Run 5
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\FMS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 397.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.18 Gb Total Space | 51.28 Gb Free Space | 72.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 5.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.91 Gb Total Space | 1.77 Gb Free Space | 93.07% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STN1
Current User Name: FMS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\FMS\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iolo\System Shield\ioloSSTray.exe ()
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe (Qwest)
PRC - C:\Advanced Wheel Mouse\wh_exec.exe ()
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe ()
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe ()
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\EloDkMon.exe (Elo Touchsystems, Inc.)
PRC - C:\WINDOWS\system32\EloSrvce.exe (Elo Touchsystems, Inc.)
PRC - C:\WINDOWS\system32\EloTTray.exe (Elo Touchsystems, Inc.)
PRC - C:\Program Files\Verizon Wireless\VZAccess Manager\Drivers\Palm\PalmOneLiveConnect.exe (Palm, Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Verizon Wireless\VZAccess Manager\Drivers\Palm\TetherApp.exe (June Fabrics Technology, Inc.)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
PRC - C:\MSSQL7\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\MSSQL7\Binn\sqlmangr.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\FMS\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Qwest\QuickCare\bin\sprthook.dll (SupportSoft, Inc.)
MOD - C:\Advanced Wheel Mouse\wh_hook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Authentium, Inc)
SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (EloSystemService) -- C:\WINDOWS\system32\EloSrvce.exe (Elo Touchsystems, Inc.)
SRV - (MSSQLServer) -- C:\MSSQL7\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLServerAgent) -- C:\MSSQL7\Binn\sqlagent.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (AMP) -- C:\WINDOWS\system32\drivers\amp.sys (Authentium, Inc)
DRV - (AMPSE) -- C:\WINDOWS\system32\drivers\ampse.sys (Authentium, Inc)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (whfltr2k) -- C:\WINDOWS\system32\drivers\whfltr2k.sys ()
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (EloUsb) -- C:\WINDOWS\system32\drivers\EloUsb.Sys (Elo Touchsystems, Inc.)
DRV - (elomoufiltr) -- C:\WINDOWS\system32\drivers\elofiltr.sys (Elo Touchsystems, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (palmmdm) -- C:\WINDOWS\system32\drivers\palmmdm.sys (June Fabrics Technology Inc.)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SMNDIS5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys (Smith Micro Software, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (MagEpNt) -- C:\WINDOWS\System32\drivers\magepnt.sys (MagTek)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.../www.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.chase.com/Chase.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/05/24 12:56:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/07/10 03:07:50 | 000,000,000 | ---D | M]

[2010/09/16 09:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FMS\Application Data\Mozilla\Extensions
[2010/09/16 09:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FMS\Application Data\Mozilla\Firefox\Profiles\59fke6ln.default\extensions
[2010/09/16 09:27:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [PalmTether] C:\Program Files\Verizon Wireless\VZAccess Manager\Drivers\Palm\TetherApp.exe (June Fabrics Technology, Inc.)
O4 - HKLM..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe (Qwest)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WheelMouse] C:\Advanced Wheel Mouse\wh_exec.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\FMS\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\FMS\Start Menu\Programs\Startup\Palm Registration.lnk = C:\Program Files\Palm\register.exe (Palm/Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} https://ra.qwest.com...ad/tgctlins.cab (SupportSoft Installer)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1184337109265 (WUWebControl Class)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\FMS\Local Settings\Temporary Internet Files\Content.IE5\EO3YVIRI\Country Cleaners Logo.jpg
O24 - Desktop BackupWallPaper: C:\Documents and Settings\FMS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/11 14:03:59 | 000,000,277 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/30 08:17:04 | 000,378,880 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\FMS\Desktop\JavaRa.exe
[2010/09/29 07:30:33 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\FMS\Desktop\TFC.exe
[2010/09/28 13:26:24 | 001,293,400 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\FMS\Desktop\TDSSKiller.exe
[2010/09/28 11:33:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/22 06:24:25 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\FMS\Desktop\OTL.exe
[2010/09/22 06:17:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\unknown
[2010/09/22 06:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Local Settings\Application Data\WinZip
[2010/09/21 06:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Application Data\Malwarebytes
[2010/09/21 06:19:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/21 06:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/21 06:19:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/20 07:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/20 06:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/20 06:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/20 06:50:49 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2010/09/20 06:49:34 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\lacey.exe
[2010/09/20 06:48:33 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\erunt-setup.exe
[2010/09/20 06:47:26 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\TFC.exe
[2010/09/18 07:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/18 06:43:28 | 001,913,056 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\FMS\Desktop\HousecallLauncher.exe
[2010/09/17 13:00:30 | 000,000,000 | ---D | C] -- C:\iolo
[2010/09/17 12:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2010/09/17 12:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Authentium
[2010/09/17 12:14:46 | 000,118,784 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\iavlsp.dll
[2010/09/17 12:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2010/09/17 12:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Application Data\iolo
[2010/09/17 12:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/09/17 06:52:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/09/17 06:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/09/17 06:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/09/17 06:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/09/17 06:34:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/09/17 06:27:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/09/16 16:56:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/09/16 16:51:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/09/16 16:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft(2)
[2010/09/16 16:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\FinalMediaPlayer
[2010/09/16 14:29:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\FMS\IECompatCache
[2010/09/16 10:17:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\FMS\PrivacIE
[2010/09/16 10:16:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\FMS\IETldCache
[2010/09/16 10:11:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/09/16 09:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Local Settings\Application Data\Mozilla
[2010/09/16 09:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Application Data\Mozilla
[2010/09/16 09:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/09/15 07:20:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\FMS\Application Data\Brother
[2010/09/15 07:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Local Settings\Application Data\Scansoft
[2010/09/15 07:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\My Documents\My PaperPort Documents
[2010/09/15 06:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BrFaxRx
[2010/09/15 06:54:24 | 000,054,784 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\brinsstr.dll
[2010/09/15 06:54:11 | 000,063,488 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrNetSti.dll
[2010/09/15 06:54:11 | 000,058,368 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\BrWiaNCp.dll
[2010/09/15 06:54:11 | 000,041,472 | ---- | C] (Brother Industries,Ltd) -- C:\WINDOWS\System32\Brnsplg.dll
[2010/09/15 06:54:09 | 001,397,248 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrWia07b.dll
[2010/09/15 06:54:09 | 000,094,208 | ---- | C] (Brother Industries Ltd) -- C:\WINDOWS\System32\BRRBTOOL.EXE
[2010/09/15 06:54:09 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BRLMW03A.DLL
[2010/09/15 06:54:09 | 000,024,223 | ---- | C] (brother Industries Ltd) -- C:\WINDOWS\System32\BRLM03A.DLL
[2010/09/15 06:54:08 | 000,000,000 | ---D | C] -- C:\Brother
[2010/09/15 06:54:06 | 000,167,936 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
[2010/09/15 06:54:05 | 000,131,072 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\brunin03.dll
[2010/09/15 06:54:05 | 000,102,400 | ---- | C] (Brother Industries,LTD.) -- C:\WINDOWS\System32\BrMfNt.dll
[2010/09/15 06:54:05 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\WINDOWS\System32\BRCrypt.dll
[2010/09/15 06:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2010/09/15 06:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2010/09/15 06:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2010/09/15 06:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2010/07/10 03:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/07/09 12:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FMS\Application Data\FinalMediaPlayer

========== Files - Modified Within 90 Days ==========

[2010/09/30 11:19:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/30 11:19:21 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\iolo.ini
[2010/09/30 11:19:18 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/09/30 11:18:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/30 11:18:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/30 11:18:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/30 11:18:43 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/30 11:18:14 | 003,772,416 | ---- | M] () -- C:\Documents and Settings\FMS\ntuser.dat
[2010/09/30 11:18:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\FMS\ntuser.ini
[2010/09/30 11:03:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/30 08:17:04 | 000,156,329 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\JavaRa.zip
[2010/09/29 07:29:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FMS\Desktop\TFC.exe
[2010/09/29 06:48:52 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\dds.scr
[2010/09/29 06:14:10 | 000,031,568 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\rootkitunhookerreport
[2010/09/29 06:11:36 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\MBRCheck.exe
[2010/09/29 03:00:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/28 12:09:16 | 000,001,947 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/28 11:52:25 | 000,032,072 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\rootkitunhookerlog
[2010/09/28 11:31:08 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\RKUnhookerLE.EXE
[2010/09/27 06:02:45 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\Notepad.lnk
[2010/09/22 06:39:15 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\HiJackThis.lnk
[2010/09/22 06:22:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FMS\Desktop\OTL.exe
[2010/09/21 15:43:32 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\tdsskiller.zip
[2010/09/21 06:19:52 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LAcey.lnk
[2010/09/20 07:00:08 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\TFC.exe
[2010/09/20 06:59:42 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\FMS\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/20 06:59:37 | 000,000,643 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\NTREGOPT.lnk
[2010/09/20 06:59:37 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\ERUNT.lnk
[2010/09/20 06:59:16 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\erunt-setup.exe
[2010/09/20 06:58:31 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\lacey.exe
[2010/09/20 06:58:23 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010/09/18 07:04:26 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\FMS\Start Menu\Programs\Startup\Palm Registration.lnk
[2010/09/18 06:45:00 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\FMS\Local Settings\Application Data\housecall.guid.cache
[2010/09/18 06:43:44 | 001,913,056 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\FMS\Desktop\HousecallLauncher.exe
[2010/09/18 06:13:01 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\System Shield.lnk
[2010/09/18 03:20:16 | 000,251,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/17 12:54:58 | 000,459,696 | ---- | M] () -- C:\ss_dm.exe
[2010/09/17 12:09:27 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2010/09/17 10:03:04 | 000,066,216 | ---- | M] () -- C:\Documents and Settings\FMS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/17 06:54:41 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/17 06:54:41 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/17 06:54:41 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/17 06:53:31 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/09/17 06:49:09 | 002,105,070 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/09/17 06:30:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/16 14:14:29 | 000,000,009 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini
[2010/09/16 10:16:21 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\FMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/16 09:27:43 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\FMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/16 09:27:43 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/15 10:43:43 | 000,006,906 | ---- | M] () -- C:\Documents and Settings\FMS\Application Data\wklnhst.dat
[2010/09/15 06:55:25 | 000,000,410 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/15 06:55:02 | 000,000,225 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2010/09/15 06:55:02 | 000,000,093 | ---- | M] () -- C:\WINDOWS\brpcfx.ini
[2010/09/07 14:44:52 | 001,293,400 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\FMS\Desktop\TDSSKiller.exe
[2010/08/27 07:35:47 | 000,919,384 | ---- | M] () -- C:\Documents and Settings\FMS\My Documents\CountryCleanersMMDSept10.pdf
[2010/08/09 14:51:12 | 000,378,880 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\FMS\Desktop\JavaRa.exe
[2010/08/08 14:09:10 | 000,002,758 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\Deutsch.lng
[2010/08/08 14:08:52 | 000,002,553 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\Suomi.lng
[2010/08/08 14:08:40 | 000,003,027 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\Français.lng
[2010/08/08 14:08:20 | 000,002,920 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\Italiano.lng
[2010/08/08 14:08:04 | 000,002,946 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\Español.lng
[2010/08/08 14:07:50 | 000,003,127 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\Nederlands.lng
[2010/08/01 13:24:58 | 000,322,351 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\JavaRa.def
[2010/07/30 07:20:36 | 000,912,333 | ---- | M] () -- C:\Documents and Settings\FMS\My Documents\CountryCleanersMMDAug10 1.pdf
[2010/07/14 06:26:24 | 000,000,482 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/09 12:52:17 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\FMS\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
[2010/07/09 12:52:17 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\FMS\Desktop\FinalMediaPlayer.lnk

========== Files Created - No Company Name ==========

[2010/09/30 08:27:34 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2010/09/30 08:17:04 | 000,322,351 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\JavaRa.def
[2010/09/30 08:17:04 | 000,003,127 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\Nederlands.lng
[2010/09/30 08:17:04 | 000,003,027 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\Français.lng
[2010/09/30 08:17:04 | 000,002,946 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\Español.lng
[2010/09/30 08:17:04 | 000,002,920 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\Italiano.lng
[2010/09/30 08:17:04 | 000,002,758 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\Deutsch.lng
[2010/09/30 08:17:04 | 000,002,553 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\Suomi.lng
[2010/09/30 08:16:51 | 000,156,329 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\JavaRa.zip
[2010/09/29 06:50:00 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\dds.scr
[2010/09/29 06:14:43 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\MBRCheck.exe
[2010/09/29 06:14:10 | 000,031,568 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\rootkitunhookerreport
[2010/09/28 13:26:06 | 001,193,882 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\tdsskiller.zip
[2010/09/28 12:09:16 | 000,001,947 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/28 11:52:21 | 000,032,072 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\rootkitunhookerlog
[2010/09/28 11:47:55 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\RKUnhookerLE.EXE
[2010/09/25 05:58:11 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\gmer.exe
[2010/09/21 06:19:52 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LAcey.lnk
[2010/09/20 06:59:42 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\FMS\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/20 06:59:37 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\NTREGOPT.lnk
[2010/09/20 06:59:37 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\ERUNT.lnk
[2010/09/18 07:43:39 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\HiJackThis.lnk
[2010/09/18 06:45:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\FMS\Local Settings\Application Data\housecall.guid.cache
[2010/09/17 12:54:37 | 000,459,696 | ---- | C] () -- C:\ss_dm.exe
[2010/09/17 12:14:56 | 000,001,721 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\System Shield.lnk
[2010/09/17 12:09:27 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/09/16 09:27:43 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\FMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/16 09:27:43 | 000,001,634 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/15 06:55:25 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/15 06:55:02 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/09/15 06:55:02 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/09/15 06:54:53 | 003,772,416 | ---- | C] () -- C:\Documents and Settings\FMS\ntuser.dat
[2010/09/15 06:54:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2010/09/15 06:54:09 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2010/09/15 06:54:07 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/09/15 06:54:05 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/08/27 07:35:47 | 000,919,384 | ---- | C] () -- C:\Documents and Settings\FMS\My Documents\CountryCleanersMMDSept10.pdf
[2010/07/30 07:20:36 | 000,912,333 | ---- | C] () -- C:\Documents and Settings\FMS\My Documents\CountryCleanersMMDAug10 1.pdf
[2010/07/14 06:46:12 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\Outlook Express.lnk
[2010/07/09 12:52:17 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\FMS\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
[2010/07/09 12:52:17 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\FMS\Desktop\FinalMediaPlayer.lnk
[2009/07/27 06:28:10 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\FMS\Application Data\dvd.bmk
[2007/07/16 10:21:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TECK.dll
[2007/07/16 10:21:39 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/07/16 10:21:39 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/07/12 13:02:43 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\tls704d.dll
[2007/07/12 13:02:43 | 000,409,600 | ---- | C] () -- C:\WINDOWS\System32\NOVA_API.dll
[2007/07/12 13:02:43 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\cmeparse.dll
[2007/07/12 13:02:43 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\ipinplus32.dll
[2007/07/12 12:51:57 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2007/03/29 11:04:52 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\FMS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/26 19:29:41 | 000,006,906 | ---- | C] () -- C:\Documents and Settings\FMS\Application Data\wklnhst.dat
[2007/01/25 09:45:02 | 000,006,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\whfltr2k.sys
[2006/12/16 08:43:53 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\FMS\Local Settings\Application Data\fusioncache.dat
[2006/12/05 14:05:40 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/05 14:05:40 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A777487C0E.sys
[2006/11/29 11:27:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/18 23:19:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/18 23:15:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/18 23:11:02 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/18 22:42:52 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 16:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[1999/06/05 15:47:06 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MSPOS_USB.dll

========== LOP Check ==========

[2007/02/15 14:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/09/17 12:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/09/16 16:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft(2)
[2007/12/06 01:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/10/18 23:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/20 09:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/10 12:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FMS\Application Data\FinalMediaPlayer
[2007/02/15 14:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FMS\Application Data\HotSync
[2010/09/18 07:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FMS\Application Data\iolo
[2007/02/15 14:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FMS\Application Data\Leadertech
[2007/02/15 14:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FMS\Application Data\Smith Micro
[2007/02/26 19:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FMS\Application Data\Template
[2006/11/29 11:20:38 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job

========== Purity Check ==========


< End of report >

#25
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Just add, we have removed it

#26
inthewoods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I tried. Upon installation I get the Welcome to Java screen, I push Install on the next page and I still get the message "The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package 'jre1.6.0_18-c.msi' in the box below."

I push Cancel and it gives me the next box "Error 1714. The older version of Java™ 6 Update 21 cannot be removed. Contact your technical support group."

I push OK and it says installation failed.

Edited by inthewoods, 30 September 2010 - 01:13 PM.


#27
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
We'll get that sorted out by one of the techs before we go any further.

Make a new thread in http://www.geekstogo...p-2000-2003-nt/ and title it something like "Can't install Java". In the topic description - "Referred from Malware forum"

In the topic, post a link to this thread and explain how you cannot get Java to install. Once sorted, make a post here again and we'll continue.

#28
inthewoods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Okay I finally got it figured out. Ran the scan and it came up empty handed. Computer is still giving me the redirects as well.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, October 5, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, October 05, 2010 11:10:02
Records in database: 4281827
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 69995
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:55:29

No threats found. Scanned area is clean.

Selected area has been scanned.

#29
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
ComboFix
Download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Antivirus and Antispyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#30
inthewoods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
ComboFix 10-10-05.04 - FMS 10/06/2010 6:24.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.440 [GMT -6:00]
Running from: c:\documents and settings\FMS\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: System Shield *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . Failed to delete

----- BITS: Possible infected sites -----

hxxp://download.iolo.net
.
((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-05 12:31 . 2010-10-05 12:30 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-05 12:30 . 2010-10-05 12:30 -------- d-----w- c:\program files\Java
2010-10-02 12:19 . 2010-10-02 12:19 -------- d-----w- c:\program files\VS Revo Group
2010-09-28 17:33 . 2010-09-28 17:33 -------- d-----w- C:\_OTL
2010-09-22 12:17 . 2010-09-22 12:19 -------- d-----w- c:\windows\system32\unknown
2010-09-22 12:14 . 2010-09-22 12:14 -------- d-----w- c:\documents and settings\FMS\Local Settings\Application Data\WinZip
2010-09-21 12:21 . 2010-09-21 12:21 -------- d-----w- c:\documents and settings\FMS\Application Data\Malwarebytes
2010-09-21 12:19 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-21 12:19 . 2010-09-21 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-21 12:19 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-20 12:59 . 2010-09-20 12:59 -------- d-----w- c:\program files\ERUNT
2010-09-20 12:58 . 2010-09-21 12:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-20 12:50 . 2010-09-20 12:58 576000 ----a-w- C:\OTL.exe
2010-09-20 12:49 . 2010-09-20 12:58 6153384 ----a-w- C:\lacey.exe
2010-09-20 12:48 . 2010-09-20 12:59 791393 ----a-w- C:\erunt-setup.exe
2010-09-20 12:47 . 2010-09-20 13:00 446464 ----a-w- C:\TFC.exe
2010-09-18 13:43 . 2010-09-18 13:43 388096 ----a-r- c:\documents and settings\FMS\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-18 13:43 . 2010-09-18 13:43 -------- d-----w- c:\program files\Trend Micro
2010-09-18 12:12 . 2010-04-12 16:25 10466216 ----a-w- c:\documents and settings\All Users\Application Data\iolo\System Shield\SSEngineUpd.exe
2010-09-17 19:00 . 2010-09-17 19:00 -------- d-----w- C:\iolo
2010-09-17 18:54 . 2010-09-17 18:54 459696 ----a-w- C:\ss_dm.exe
2010-09-17 18:20 . 2010-09-17 18:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2010-09-17 18:15 . 2010-09-17 18:15 -------- d-----w- c:\program files\Common Files\Authentium
2010-09-17 18:14 . 2009-11-12 00:46 118784 ----a-w- c:\windows\system32\iavlsp.dll
2010-09-17 18:14 . 2010-09-17 18:14 -------- d-----w- c:\program files\iolo
2010-09-17 18:09 . 2010-09-17 18:09 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-09-17 18:08 . 2010-09-18 13:01 -------- d-----w- c:\documents and settings\FMS\Application Data\iolo
2010-09-17 18:08 . 2010-09-17 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-09-17 12:34 . 2010-09-17 12:34 -------- d-----w- c:\windows\system32\scripting
2010-09-17 12:34 . 2010-09-17 12:34 -------- d-----w- c:\windows\system32\en
2010-09-17 12:34 . 2010-09-17 12:34 -------- d-----w- c:\windows\l2schemas
2010-09-17 12:34 . 2010-09-17 12:34 -------- d-----w- c:\windows\system32\bits
2010-09-16 22:56 . 2010-09-16 22:56 -------- d-----w- c:\windows\ie8updates
2010-09-16 22:51 . 2010-09-16 22:51 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-16 22:32 . 2010-09-16 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft(2)
2010-09-16 22:27 . 2010-09-16 22:27 -------- d-----w- c:\program files\FinalMediaPlayer
2010-09-16 20:29 . 2010-09-16 20:29 -------- d-sh--w- c:\documents and settings\FMS\IECompatCache
2010-09-16 16:17 . 2010-09-16 16:17 -------- d-sh--w- c:\documents and settings\FMS\PrivacIE
2010-09-16 16:16 . 2010-09-16 16:16 -------- d-sh--w- c:\documents and settings\FMS\IETldCache
2010-09-16 16:15 . 2010-09-16 16:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-16 16:11 . 2010-09-16 16:12 -------- dc-h--w- c:\windows\ie8
2010-09-16 15:28 . 2010-09-16 15:28 -------- d-----w- c:\documents and settings\FMS\Local Settings\Application Data\Mozilla
2010-09-15 13:20 . 2010-09-15 13:20 -------- d-----r- c:\documents and settings\FMS\Application Data\Brother
2010-09-15 13:15 . 2010-09-15 13:15 -------- d-----w- c:\documents and settings\FMS\Local Settings\Application Data\Scansoft
2010-09-15 12:55 . 2001-08-17 19:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-09-15 12:55 . 2001-08-17 19:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2010-09-15 12:49 . 2010-09-15 12:49 10134 ----a-r- c:\documents and settings\FMS\Application Data\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
2010-09-15 12:49 . 2010-09-15 12:49 -------- d-----w- c:\program files\Nuance
2010-09-15 12:48 . 2010-09-15 12:48 -------- d-----w- c:\program files\ScanSoft
2010-09-15 12:47 . 2010-09-15 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 12:30 . 2007-07-16 16:21 -------- d-----w- c:\program files\Active-Charge
2010-10-05 20:08 . 2009-05-11 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-29 13:34 . 2010-05-24 18:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-28 19:29 . 2004-08-04 03:58 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-09-28 18:08 . 2006-10-19 05:11 -------- d-----w- c:\program files\Google
2010-09-28 17:33 . 2006-10-19 05:11 -------- d-----w- c:\program files\BAE
2010-09-17 16:03 . 2006-11-29 17:24 66216 ----a-w- c:\documents and settings\FMS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-17 12:37 . 2004-08-11 22:14 87699 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-09-16 20:14 . 2010-09-15 12:54 -------- d-----w- c:\program files\Brother
2010-09-16 19:47 . 2006-10-19 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-09-15 16:43 . 2007-02-27 01:29 6906 ----a-w- c:\documents and settings\FMS\Application Data\wklnhst.dat
2010-09-15 12:54 . 2006-10-19 05:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-17 13:17 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-06 18:47 . 2010-08-06 18:47 503808 ----a-w- c:\documents and settings\FMS\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7b10f21f-n\msvcp71.dll
2010-08-06 18:47 . 2010-08-06 18:47 499712 ----a-w- c:\documents and settings\FMS\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7b10f21f-n\jmc.dll
2010-08-06 18:47 . 2010-08-06 18:47 348160 ----a-w- c:\documents and settings\FMS\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7b10f21f-n\msvcr71.dll
2010-08-06 18:47 . 2010-08-06 18:47 61440 ----a-w- c:\documents and settings\FMS\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-325d152b-n\decora-sse.dll
2010-08-06 18:47 . 2010-08-06 18:47 12800 ----a-w- c:\documents and settings\FMS\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-325d152b-n\decora-d3d.dll
2010-07-22 15:49 . 2004-08-11 22:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 23:04 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2006-12-05 20:11 . 2006-12-05 20:05 88 --sh--r- c:\windows\system32\A777487C0E.sys
2006-12-05 20:11 . 2006-12-05 20:05 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-10-19 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-19 98304]
"MMTray"="c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe" [2005-09-09 110592]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-19 169984]
"PalmTether"="c:\program files\Verizon Wireless\VZAccess Manager\Drivers\Palm\TetherApp.exe" [2006-02-09 143360]
"QUICKCARE"="c:\program files\Qwest\QuickCare\bin\sprtcmd.exe" [2007-05-10 198800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2007-03-11 86016]

c:\documents and settings\FMS\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Palm Registration.lnk - c:\program files\Palm\register.exe [2006-1-4 2441216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Service Manager.lnk - c:\mssql7\Binn\sqlmangr.exe [2006-11-29 110592]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-10-13 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\Program Files\\iolo\\System Shield\\SysShield.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1433:TCP"= 1433:TCP:database

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [9/6/2009 6:06 AM 169312]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [1/19/2010 6:53 PM 127016]
R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [1/19/2010 6:53 PM 1118248]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9/17/2010 12:14 PM 711352]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9/17/2010 12:14 PM 711352]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [1/19/2010 6:46 PM 121384]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [1/19/2010 6:46 PM 117288]
R3 elomoufiltr;ELO TouchSystems-SRV2;c:\windows\system32\drivers\elofiltr.sys [12/5/2006 11:50 AM 28160]
R3 EloUsb;ELO TouchSystems-SRV;c:\windows\system32\drivers\EloUsb.Sys [12/5/2006 11:50 AM 66048]
R3 palmmdm;Palm Modem;c:\windows\system32\drivers\palmmdm.sys [1/30/2006 2:42 PM 9728]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [1/25/2007 9:45 AM 6784]
S2 gupdate1c9d26be2f6b062;Google Update Service (gupdate1c9d26be2f6b062);c:\program files\Google\Update\GoogleUpdate.exe [5/11/2009 1:08 PM 133104]
S3 MagEpNt;MagEpNt;c:\windows\system32\drivers\magepnt.sys [7/16/2007 10:21 AM 26304]
S3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [1/19/2010 6:46 PM 158248]
.
Contents of the 'Scheduled Tasks' folder

2010-10-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-11 19:06]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 19:08]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 19:08]

2006-11-29 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-11 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.chase.com/Chase.html
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=xP4YYRHSDevp5n6jWUmFbQGcoBI
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: c:\windows\system32\iavlsp.dll
Trusted Zone: musicmatch.com\online
DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
AddRemove-EloTouchscreen - c:\program files\EloTouchSystems\EloSetup
AddRemove-StreetPlugin - c:\program files\Learn2.com\StRunner\stuninst.exe


.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\iavlsp.dll

- - - - - - - > 'explorer.exe'(2700)
c:\advanc~1\wh_hook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\EloSrvce.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\mssql7\binn\sqlservr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iolo\System Shield\ioloSSTray.exe
c:\windows\stsystra.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\windows\system32\EloDkMon.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\windows\system32\EloTTray.exe
c:\progra~1\VERIZO~1\VZACCE~1\Drivers\Palm\PALMON~1.EXE
.
**************************************************************************
.
Completion time: 2010-10-06 06:36:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-06 12:36

Pre-Run: 54,230,097,920 bytes free
Post-Run: 54,307,311,616 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - ACF379108C4AFB468F1B87C8785E89A9